dyn Signer is not Send

[kornelski]

I'm struggling to integrate the SDK in a multi-threaded application, because create_signer::from_keys returns Box<dyn Signer>. This trait does not require Sync implementation, which means that the signer is forever tied to the thread it's been created on.

It'd be ideal if it was Box<dyn Signer + Send + Sync>, but Box<dyn Signer + Send> will work too (it can be put in a Mutex).

Alternatively, if you made EdSigner public, I would use that type directly.

[gpeacock]

We should add some tests for multithreaded Rust clients to catch cases like this. I'll look into the fix or exporting EdSigner. FYI, CallbackSigner exports ed25519_sign

[gpeacock]

We are trying to move away from signing operations that require embedding a private key. CallbackSigner uses the public key to generated the signature and then calls back to a function to sign with a private key. That function can be implemented with KMS or other secure storage.

[kornelski]

BTW, please be specific in the documentation what format the key must be in. PEM isn't obvious, especially that such argument requires parsing the file over and over again. An Ed25519 signing function could be taking just 32-byte raw key material.